Difference between revisions of "GCube Clients Integration with security"
Revision as of 12:48, 12 March 2013
Overview
GCube Client Security is implemented by the common-security library, which is based on the new FeatherWeightStack (FWS). It is described at a high level in Client Security Library and in more detail in SOA3 Connector. In particular, this section describes how to set credentials in a gCube call. This information is valid for standalone clients and for clients running in a GHN: in the second case, the container transparently sets the default credentials in the message. This default behavior can be overridden in code as described here.
Common Security Library
The library is composed of two jars:
- common-security.jar
- gcube-security-utils.jar
Both jars are part of the SOA3 connector and are integrated in the libs of the containers. They can also be used standalone, because their only dependency is the common-gcore-stub library, which is built on the FWS stack.
The library provides two main interfaces:
- CredentialManager
- Credentials
The interface CredentialManager defines a singleton InheritableThreadLocal object with methods to set, get and remove the credentials for the current thread. The InheritableThreadLocal feature allows the inserted Credentials to be valid for this thread and its descendants until the next call to the method set.
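The inheritance behaviour described above has one consequence worth seeing in code: a child thread copies the value when it is created, so a pooled worker that already exists keeps the credentials it started with. The following is an added example, not code from the common-security library; it uses the JDK's own InheritableThreadLocal with a hypothetical slot named CURRENT standing in for CredentialManager, and the identities "alice" and "bob" are constructed sample values.

```java
import java.util.concurrent.Callable;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;

public class InheritedCredentialsDemo {
    // Hypothetical stand-in for CredentialManager: a single InheritableThreadLocal slot.
    static final InheritableThreadLocal<String> CURRENT = new InheritableThreadLocal<>();

    // Starts a brand-new thread and returns the value that thread finds in the slot.
    static String seenByNewThread() throws InterruptedException {
        String[] seen = new String[1];
        Thread t = new Thread(() -> seen[0] = CURRENT.get());
        t.start();
        t.join();
        return seen[0];
    }

    public static void main(String[] args) throws Exception {
        Callable<String> read = CURRENT::get;
        CURRENT.set("alice");                         // constructed sample identity
        ExecutorService pool = Executors.newFixedThreadPool(1);
        // The first submit creates the worker thread, which copies the parent's value.
        System.out.println("pool, first task:   " + pool.submit(read).get());

        CURRENT.set("bob");                           // the caller switches identity
        // A thread created after the switch inherits the new value.
        System.out.println("new thread:         " + seenByNewThread());
        // The existing worker is reused and still holds the copy it was created with.
        System.out.println("pool, second task:  " + pool.submit(read).get());

        // Safer pattern for pooled threads: capture in the caller, set inside the
        // task, and always remove so nothing lingers on the worker afterwards.
        String captured = CURRENT.get();
        System.out.println("pool, explicit set: " + pool.submit(() -> {
            CURRENT.set(captured);
            try { return CURRENT.get(); } finally { CURRENT.remove(); }
        }).get());
        // The worker's slot is empty once the task has removed its value.
        System.out.println("pool, after remove: " + pool.submit(read).get());

        CURRENT.remove();
        pool.shutdown();
    }
}
```

In a client that issues calls from an executor or servlet-style thread pool, set the credentials inside the task that makes the call and remove them when it finishes, rather than relying on inheritance from the submitting thread.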
The interface Credentials defines the nature of the objects containing the actual credentials. Several implementations are provided:
- X509TLSCredentials, defining TLS and X509 based credentials
- UserNamePasswordCredentials, for username/password based Message Level Security
- FederatedCredentials, for SAML Assertion ID based authentication
- X509CombinedCredentials, to be used in combination with another Credentials object to combine TLS with Message Level Security
- Base64EncodedCredentials, to be used in combination with another Credentials object to Base64 encode the Message Level Security data
Use of the Library
The developer only needs to define the Credentials object and set it in the CredentialManager. The FWS, in the background, will add the Credentials just before sending the message. It is important to remember that Message Level Security data must be Base64 encoded.
For example, consider implementing a client for a sample gCube Service using the credentials Username=gCube, Password=gCube. The code is the following:
UserNamePasswordCredentials pureCredentials = new UserNamePasswordCredentials("gCube", "gCube".toCharArray());
// Base64 encodes the credentials
Base64EncodedCredentials encodedCredentials = new Base64EncodedCredentials(pureCredentials);
// sets the encoded credentials in the CredentialManager for the current thread
CredentialManager.instance.set(encodedCredentials);
// creates the stub
stub = stubFor(stateless).at(URI.create("http://localhost:9999/wsrf/services/acme/sample/stateless"));
More information on the use of the Credentials implementations can be found in the javaDocs.